Hello Kitty網站遭襲 三百萬使用者資料外洩
A database for Sanrio, the Japanese owner of the Hello Kitty brand, was breached, putting 3.3 million of its users' data at risk, according to security website 's report.
網路安全資訊網站的一份報告顯示,日本三麗鷗公司(Sanrio)某資料庫遭遇攻擊,導致330萬Hello Kitty品牌客戶的資料面臨風險。
The leaked data includes information such as users' full names, email addresses and encrypted passwords, the website reported, citing security researcher Chris Vickery.
報告指出,據網路安全研究員克里斯·維克瑞稱,此次洩露的資料包括使用者全名、電子郵箱地址,以及加密密碼。
The information exposed in the breach includes the first and last names, birth dates, genders, countries of origin, and email addresses for 3.3 million accounts.
而這330萬個賬號的使用者姓名、生日、性別、國籍,以及電子郵箱都可能遭到曝光。
It is not clear if the exposed data contained any financial information.
此次洩露的資料中是否還包含客戶的財務資訊,目前仍不得而知。
The passwords are 'lightly-protected' along with forgotten password questions and answers.
使用者密碼的保護機制似乎“並不嚴密”,僅有密碼重置問題與答案兩項。
The passwords themselves are “hashed”, a form of protection which renders it technically impossible to retrieve the original password.
不過,三麗鷗對使用者密碼採取了“雜湊運算”,能保證初始密碼不會被完全破解。
However, the hashing technique used by SanrioTown leaves it easy for an attacker to uncover a significant proportion of the obscured passwords.
然而,即便採取了上述加密技術,黑客依舊能破譯很大一部分字元。
Sanrio, the owner of the brand, has not publicly responded to the allegations of an account leak.
截至目前,三麗鷗公司尚未對賬戶洩露事件作出公開回應。
As well as SanrioTown itself, accounts from a number of other Hello Kitty websites were also included in the leak: according to Salted Hash, those are , , , , and . Two backup servers were also discovered online.
除了三麗鷗網站賬戶外,不少Hello Kitty衍生網站的賬戶資訊也遭到洩露,包括,,,和。另外,該公司的兩份備份資料也在網上被公之於眾。
This is the second major breach of an Asian toy company's database in as many months.
這已是數月來第二宗針對亞洲玩具公司資料庫的大規模網路攻擊了。
Electronic toymaker VTech Holdings Ltd said in November that it was the victim of a cyber attack that compromised information about customers who access a portal for downloading children's games, books and other educational content.
另一家電子玩具製造商偉易達(VTech Holdings Ltd)稱,11月公司曾遭遇一輪網路攻擊。顧客在登入公司網站下載兒童遊戲、書籍及教育材料後,個人資訊會遭到洩露。
Vickery and Sanrio could not immediately be reached for comment.
目前,維克瑞與三麗鷗公司均未對此事作出迴應。
